Cryptic error messages if validation failed #297

Open
aschekatihin opened this issue Feb 7, 2019 · 6 comments

@aschekatihin

One of the past issues is still valid: #227
There is no way to understand what's wrong with your setup except trial and error or debugging node_modules. If something is wrong all you get is invalid token and that's it.

image

It seems like verify_err could be passed to errorContext and handled at errorFunc to log the real problem to the server log while returning a generic error to users.

@nelsonic
Member

nelsonic commented Feb 7, 2019

@aschekatihin it's very difficult for us to debug this error without more detail.
Are you able to share a bit more of your code than a screenshot?
(you can temporarily add me to private repo if you like so I can help you debug it...)

@aschekatihin
Author

It is easy to reproduce: just use an incorrect audience, issuer or algorithm in verifyOptions to make it fail.
Sorry, can't add you to the private repo.
But I can share a pull request that contains changes I made locally to get a detailed log for almost every call of raiseError:
image

by using existing errorFunc:
image

@nelsonic
Member

nelsonic commented Feb 7, 2019

@aschekatihin sorry, I don't follow. Are you submitting a valid JWT (token) but with invalid/incorrect verifyOptions ?

@aschekatihin
Author

@nelsonic, either a valid JWT and invalid verifyOptions or vice versa. In both cases there will be an invalid token error with no details. Specifying incorrect verifyOptions is just an easy way to test it.

@aschekatihin
Author

Invalid verifyOptions is a synthetic way to simulate a real problem, not sure what's confusing about it. If you are setting up a custom OpenID server like Keycloak, it could be misconfigured in several areas, and without a detailed error it is not so easy to find what exactly is wrong. jsonwebtoken's verify() provides these details, they are just hidden for some unknown reason.

@aschekatihin
Author

#298
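
The pattern requested in this thread (log the specific verification failure on the server, return only a generic message to the client), as an added example that is not code from this project, from jsonwebtoken, or from any participant. It is a self-contained HS256 check on Node's `crypto`; `sign`, `verifyReason` and `authenticate` are hypothetical names, and the option names `algorithms`, `issuer` and `audience` are assumptions modeled on the verifyOptions discussed above.

```javascript
// Added example: self-contained HS256 verification using only Node's crypto.
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed helper: mint an HS256 token so the example runs offline.
function sign(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Returns null on success, or the specific reason verification failed.
function verifyReason(token, secret, opts) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed token: expected 3 segments';
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url')) || {};
    payload = JSON.parse(Buffer.from(parts[1], 'base64url')) || {};
  } catch (err) {
    return 'malformed token: header or payload is not JSON';
  }
  // Only HS256 is implemented here, and it must be explicitly allowed.
  if (header.alg !== 'HS256' || !opts.algorithms.includes('HS256')) {
    return `algorithm not allowed: ${header.alg}`;
  }
  const expected = crypto.createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'invalid signature';
  }
  if (payload.exp !== undefined && payload.exp <= Math.floor(Date.now() / 1000)) {
    return 'token expired';
  }
  if (opts.issuer && payload.iss !== opts.issuer) return `issuer invalid, expected ${opts.issuer}`;
  if (opts.audience && payload.aud !== opts.audience) return `audience invalid, expected ${opts.audience}`;
  return null;
}

// The detailed reason goes to the server log; the client only ever sees 'Invalid token'.
function authenticate(token, secret, opts, log = console.error) {
  const reason = verifyReason(token, secret, opts);
  if (reason === null) return { statusCode: 200, message: 'ok' };
  log(`JWT verification failed: ${reason}`);
  return { statusCode: 401, message: 'Invalid token' };
}
```

Keeping the reason out of the response body avoids telling an unauthenticated caller which check failed, while the log line is what an operator needs when an identity provider is misconfigured.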
